JAMF to track Documentation

Fabian
New Contributor

Hi there Nation! 

Recently my employer asked to track what employees do on their MDM-managed laptops. For example, they want to track every little thing that the employee does on their laptop, whether said employee is watching Netflix, downloading documentation, or working on personal projects instead of work-related projects. Is there a feature in JAMF that allows this? I wouldn't like to source out a 3rd party for this, but if not possible in JAMF then I could do that. I know we have logs but it's not detailed enough for them. Please and thank you!

3 REPLIES

howie_isaacks
Valued Contributor III

A lot of what your employer wants could be handled by a data loss prevention (DLP) solution. Jamf Pro does show application usage logs in the History section of a computer's inventory. That could be helpful. The computer usage log will show the startups and shutdowns. Since you can create extension attributes to look for just about anything on the managed Macs, an EA could search for specific data on the Mac that would reveal certain kinds of usage and report on it. You can use an EA to check if the users are logged into iCloud, and with what email address. Hopefully your Macs are in Apple Business Manager and are auto-enrolling in Jamf Pro. If they are, you can block activation lock being activated when a user logs into the Mac with their own Apple account. I'm sure other Jamf admins who answer this post will provide some more information.

sdagley
Esteemed Contributor III

@Fabian This is well beyond the scope of the capabilities built in to Jamf Pro. It's also asking for a lot of data to be collected, and while @howie_isaacks' suggestion of a DLP tool might collect some of this info, they're typically focused on what data is being _sent_ from an endpoint rather than all activities on a device. If you're really concerned with the data coming into your Macs you'd probably have better luck using an always-on VPN to force traffic through your corporate network when you can do content filtering, or install a CASB agent that applies filtering on the endpoint (I'll refrain from mentioning any specific product in that category).

AJPinto
Esteemed Contributor

The reason you are not seeing anything for this in Jamf documentation is because Jamf Pro does not do any of this. Jamf Pro is an MDM, and honestly the best MDM on the market for macOS. This is a level of micromanagement I have not seen in a very long time, but Jamf Pro could enable all of this once you have the correct tools in your environment.

  • Most of what you want can be covered by DLP/Network Security tools, as others have said. You can look into tools like Zscaler, Netskope or Forcepoint. They will be able to monitor all network activity.
  • As far as monitoring what is being done locally, you will want an Endpoint Permissions Manager tool like BeyondTrust or CyberArk, or an Endpoint Detection and Response tool like SentinelOne or CrowdStrike. They monitor all the processes and who started them.
  • Ultimately you will want all this information going to a SIEM like Splunk for a single location to view the information and write reports. The two main tools for SIEM log redirection on macOS would be Jamf Protect and Splunk Forwarder (assuming you are using Splunk).

I have a feeling your leadership will lose interest in this once they figure out how much it will cost.